Sathurbot: Distributed WordPress password attack

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts. The torrent leecher Looking to download a movie or software without paying for it? There might be associated risks. It just might …

If you download Minecraft mods from Google Play, read on …

Minecraft players have been exposed to scams and aggressive ads brought by 87 fake Minecraft mods recently spotted on Google Play. The apps can be divided into two categories – the ad-displaying downloader detected by ESET as Android/TrojanDownloader.Agent.JL and fake apps redirecting users to scam websites, detected as Android/FakeApp.FG. Altogether, the 87 fake mods reached …

New Android trojan mimics user clicks to download dangerous malware

Android users have been exposed to a new malicious app imitating Adobe Flash Player that serves as a potential entrance for many types of dangerous malware. The application, detected by ESET security software as Android/TrojanDownloader.Agent.JI, tricks its victims into granting it special permissions in the Android accessibility menu and uses these to download and execute …

Trojan Downloaders on the rise: Don’t let Locky or TeslaCrypt ruin your day

Weeks after it started attacking and encrypting victims’ files, Locky is still targeting many users. In order to provide more information about this threat, we have put together some information to help protect you in a better way. Short summary Win32/Filecoder.Locky.A is a ransomware variant that encrypts files with over 100 file types such as images, videos, databases, …

Operation Buhtrap malware distributed via ammyy.com

We noticed in late October that users visiting the Ammyy website to download the free version of its remote administrator software were being served a bundle containing not only the legitimate Remote Desktop Software Ammyy Admin, but also an NSIS (Nullsoft Scriptable Installation Software) installer ultimately intended to install the tools used by the Buhtrap …